My recent experience highlights the fact that we don’t have control over our personal data
In our earlier stories about data brokers, we told you why it’s important to be aware of the data that’s being collected and who’s collecting it. For your own safety, you should know what data brokers actually collect, which kinds of data is of interest, and how they sell your aggregated data.
Recently, I tried to remove my own data and found it to be a very frustrating online rabbit hole. You will find either task to be nearly impossible and, sadly, this is by intent and by design: They charge by the gigabyte and aren't paid for being accurate. And you don’t pay them anything, so you aren’t really the customer; you are just the unwilling victim.
There are also law firms that can help you with this process. But given that they charge a $3,500 retainer fee, you might want to first try to do this yourself.
Image credit: David Strom
I started out my own quest by submitting removal requests for my data to three places: Epsilon, Experian, and Intelius. I picked these somewhat at random, but the trio gives you a good idea of what you are in for. Epsilon wanted 45 days to send me a free report, while Intelius wanted $25 for a month's access to my "full" report. I could see a teaser of what they have collected, but to get the goods I would have to pony up the cash. Even more annoyingly, they continued to spam my message channel with upselling requests for days later.
Experian gave me a free credit report, since they are also one of the four credit agencies, and they also offered a free Dark Web scan. But let’s get back to their removal process. Take a look at the "also known as" entry here — who is “Davis Strom” and why is he showing up in my report?
You'll notice that there are three addresses also shown here. The one that I didn't black out is the address of my wife's former office. I don't know why it shows up here; I didn't have anything to do with her office, other than visit her from time to time. And then, at the bottom of the screencap, there’s a question asking if everything is correct. Sadly, there is no button to click to actually do anything about it.
For both brokers, I had to verify my identity with my birthdate and some facts from my credit history. That made me somewhat nervous: Was I just providing more details for them to exploit? Here's an example, shown below.
Image credit: David Strom
If you aren't sure of the correct answers, you’ll have some trouble getting to the next steps. Fortunately, I was able to pass this step. The last question is ridiculous: if anyone knows your birthdate, they should be able to figure out your star sign.
After you make it through this process, most of the information that Experian presented was stuff that I already knew, such as email addresses leaked by various breaches that I got notified of a long time ago. But unlike the services that informed me of those leaked passwords, it doesn't show the compromised passwords. It uses this as a come-on to do a free trial of their ID-scanning product, which requires a credit card to start the 30-day trial. Yuck.
By now, you can understand my frustration. But, luckily, DIY and expensive brokers aren’t the sole option out there for getting your data removed. Tools such as Avast BreachGuard can try to remove you with a lot less effort on your end. These tools take several days and work in the background, and you may get notified directly from the brokers that they are working on your request.
One of the first brokers to email me was LexisNexis, which told me that my request would take up to 30 days to process and “suppress your information from our products and services.” (That’s okay, I will wait.) They also state that they can’t guarantee that this suppression will be total – “it is possible that personal information may be reintroduced in our products in the future.”
Unfortunately, this experience highlights the fact that we don’t have control over our personal information and data. Until legislation is passed and enforced to protect consumers, even with an automated removal tool, you can only do so much.
We recently learned about major security breaches at Twilio and Slack. The manner in which these two organizations responded is instructive.
Amazon is expanding Amazon One, its palm-scanning payment technology, to 65 Whole Foods locations across California.